Re: [Full-disclosure] Testing DidTheyReadIt.com

Juha-Matti Laurio to Thierry Zoller:

[un-top-posted]
> > Just a sample test of how many of you read this email. Let's see how
> > good it performs for mailinglists and what comes out.
>
> Your headers etc. doesn't state that this service is in use.

Maybe not _directly_, but comparing Received: headers in other Email 
Thierry has sent to Full-Disclosure from his @Zoller.lu address, you 
quickly see that hyperion.vo.lu is usually (??) the machine that 
injects such messages into the mail chain, whereas "his" test message 
was injected by colibri.e-mail-servers.com

Aside from being totally useless "against" those who use text-only 
MUAs, this kind of service is generally useless because increasingly, 
even vendors like MS realize that user privacy is actually somewhat 
important and increasingly make NOT retrieving remote images (and other 
content) in "rich text" Emails the default, rather than just providing 
an option to turn off such attrocities should the user be aware enough 
to go looking for such an option...

This is an example of a service that, in general, should not work, and 
in future will be increasingly more useless, I think.

In the meantime, all (???) those using it should be asking what kind of 
data leakage they are exposing themselves to, through possible message 
content scanning and sender/receiver address usage patterns, among 
others.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/